JP2010541441A - Computer-implemented method, data processing system, and computer program (router detection) for detecting unauthorized routers in a distributed network - Google Patents


Info

Publication number
JP2010541441A
Authority
JP
Japan
Prior art keywords
destination
destination device
computer
internet protocol
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2010527400A
Other languages
Japanese (ja)
Inventor
コヘイン、スーザン、マリー
シエ、ジョニー、メン‐ハン
マクブリアティ、ジェラルド、フランシス
ミューレン、シャウン、パトリック
ムリッロ、ジェシカ、キャロル
Original Assignee
International Business Machines Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US11/867,726 (US7991877B2)
Application filed by International Business Machines Corporation
Priority to PCT/EP2008/062593 (WO2009043745A1)
Publication of JP2010541441A
Application status is Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance or administration or management of packet switching networks
    • H04L41/12 Arrangements for maintenance or administration or management of packet switching networks: network topology discovery or management
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/20 Hop count for routing purposes, e.g. TTL
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

A computer-implemented method, data processing system, and computer program for discovering unauthorized routers in a network.
The processes of the illustrative embodiments first obtain the physical address of a suspected router, or destination device. A data packet is created that includes at least a destination media access control field, a destination Internet Protocol field, and a time-to-live field, where the destination media access control field contains the physical address of the destination device, the destination Internet Protocol field contains a fake Internet Protocol address, and the time-to-live field contains a value indicating that the data packet has exceeded its time limit. The data packet is sent to the destination device using the physical address in the destination media access control field. If a time exceeded message is received from the destination device, the destination device is determined to be capable of routing.
[Selected drawing] FIG. 2

Description

  The present invention relates generally to an improved data processing system, and more particularly to a computer-implemented method, data processing system, and computer program product for discovering unauthorized routers in a network.

  Distributed network data processing systems are becoming increasingly common in businesses and homes. Typically, a network data processing system includes a network having a medium that is used to provide communication links between the various devices and computers connected in the network. This medium includes wires that provide communication links with other devices, such as routers, that route data between the various devices on the network. One protocol used to transmit data within a network is the Transmission Control Protocol / Internet Protocol (TCP / IP). This protocol is used on the Internet and can also be implemented in other networks such as an intranet, a local area network (LAN), or a wide area network (WAN). TCP provides a transport function that ensures the total number of bytes transmitted is received correctly on the other side. IP accepts packets from TCP, adds its own header, and passes them to the data link layer protocol for delivery. IP addresses are used by all clients and servers in the network to send data between the various systems.

  A router is a device that determines an appropriate path for moving data between different networks (i.e., individual logical subnets). The router forwards the data packet along this path to the next device. The router can create or maintain a table of available routes and their conditions and use this information to determine the best route for a given packet.

  In the security world, unauthorized routers in an organization's network are known as rogue routers. Such unauthorized routers are not monitored, nor are the machines on the router's subnet. Because of the security concerns associated with such routers, organizations do not want unauthorized routers operating on their networks. Even if the user is not malicious, a client device in the network can become a rogue router. For example, if a user connects a laptop computer to a client device and uses a modem to access e-mail over the Internet, the modem becomes an unauthorized router. If the operating system on the user's laptop includes a router function and that function is enabled, the laptop can also act as a router. This scenario creates a security problem because the user's laptop has a weaker firewall than an authorized router. As a result, it is desirable for the network security administrator to be able to detect unauthorized routers and stop their operation.

  When a packet is sent from one computer to another, the packet traverses zero or more routers. The series of routers that a packet traverses is called its route or path, and one router traversal is called a hop. With current technology, the traceroute utility can detect routers in a network by recording the route through the distributed network between the source machine and a specified destination machine. If the destination machine is active and the monitoring tool on the source machine can ping the destination machine's IP address, the router(s) between the source machine and the destination machine can be detected. The traceroute command operates by sending a series of packets (using the Internet Control Message Protocol, or ICMP) toward the target destination machine. The first packet is constructed with a limited time-to-live (TTL) value designed to be exceeded by the first router that receives the packet, for the first hop. For example, the TTL value in the first packet is 1. When the first router encounters a packet with a TTL value of 1, the first router is obliged to send an ICMP time exceeded message (type 11) back to the sending source machine. The sending source machine then sends another packet with a TTL value of 2 for the second hop, another with a TTL value of 3 for the third hop, and so on in the same manner. As a result, each router on the path between the sending source machine and the destination machine responds with a type 11 packet. When the final destination machine responds to the packet, the process stops.

  The traceroute utility can be used to find routers in the network, but it has a limitation: if the routed subnet is unknown, or if the machines on the router's subnet are silent or down, the network administrator cannot find out whether the machine is routing. Therefore, current utilities such as traceroute allow the source machine to discover whether a machine is a router only if it knows the IP address of the subnet or the IP address of a machine in that subnet.
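To make the hop-by-hop mechanism concrete, the following is an added Python example (not code from the patent) that models the TTL / time exceeded behaviour described above on a constructed three-hop path and runs a traceroute over it. The node addresses (RFC 5737 documentation ranges), the `forward` and `traceroute` functions, and the topology are all constructed for this illustration and are not part of the original text.

```python
# Added example (not from the patent): a model of how traceroute discovers the
# routers on a path by sending probes with increasing TTL values.
from dataclasses import dataclass
from typing import Optional

ICMP_TIME_EXCEEDED = 11   # sent by a router whose decrement takes the TTL to 0
ICMP_ECHO_REPLY = 0       # sent by the destination when the probe reaches it


@dataclass
class Probe:
    src_ip: str
    dst_ip: str
    ttl: int


@dataclass
class Node:
    ip: str
    next_hop: Optional["Node"] = None   # None: end host, does not forward


def forward(node: Node, probe: Probe):
    """One node's handling of a probe, as in the traceroute description above.
    Returns (responder_ip, icmp_type), or None when nothing comes back."""
    if probe.dst_ip == node.ip:
        return node.ip, ICMP_ECHO_REPLY          # reached the destination
    if node.next_hop is None:
        return None                              # end host, not ours: dropped
    if probe.ttl <= 1:
        return node.ip, ICMP_TIME_EXCEEDED       # router must report type 11
    return forward(node.next_hop, Probe(probe.src_ip, probe.dst_ip, probe.ttl - 1))


def traceroute(first_hop: Node, src_ip: str, dst_ip: str, max_hops: int = 30):
    """Probe with TTL 1, 2, 3, ... and record which device answered each probe.
    None marks a probe that got no reply (traceroute prints it as '*')."""
    hops = []
    for ttl in range(1, max_hops + 1):
        result = forward(first_hop, Probe(src_ip, dst_ip, ttl))
        if result is None:
            hops.append(None)
            continue
        responder, icmp_type = result
        hops.append(responder)
        if icmp_type == ICMP_ECHO_REPLY:
            break                                # destination answered: stop
    return hops


# Constructed topology using documentation address ranges (RFC 5737):
# hunter -> R1 -> R2 -> server.
SERVER = Node("203.0.113.5")
R2 = Node("198.51.100.1", next_hop=SERVER)
R1 = Node("192.0.2.1", next_hop=R2)
HUNTER_IP = "192.0.2.10"

if __name__ == "__main__":
    for hop, ip in enumerate(traceroute(R1, HUNTER_IP, SERVER.ip), start=1):
        print(hop, ip or "*")
```

Running the script lists R1, R2 and the server in order. Probing an address nobody owns (for example `203.0.113.99`) still names R1 and R2, then shows `*` for every later TTL, which illustrates the limitation stated above: a router only appears in the output when it lies on the path toward an address the prober already knows, so a router whose subnet is unknown is never on any path that traceroute would take.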

  The illustrative embodiments provide a computer-implemented method, data processing system, and computer program for discovering unauthorized routers in a network. The processes of the illustrative embodiments first obtain the physical address of a suspected router, or destination device. A data packet is created that includes at least a destination media access control field, a destination Internet Protocol field, and a time-to-live field, where the destination media access control field contains the physical address of the destination device, the destination Internet Protocol field contains a bogus Internet Protocol address, and the time-to-live field contains a value indicating that the data packet has exceeded its time limit. The data packet is sent to the destination device using the physical address in the destination media access control field. If a time exceeded message is received from the destination device, the destination device is determined to be capable of routing.

  The preferred embodiments of the present invention will now be described by way of example only with reference to the following drawings.

FIG. 1 is a diagrammatic representation of a distributed data processing system in which example embodiments may be implemented.
FIG. 2 is a block diagram of a data processing system in which example embodiments may be implemented.
FIG. 3 illustrates an exemplary software architecture for a data processing system depicted in accordance with a preferred embodiment of the present invention.
FIG. 4 illustrates the Transmission Control Protocol / Internet Protocol (TCP / IP) and similar protocols depicted in accordance with a preferred embodiment of the present invention.
FIG. 5 is a block diagram of a rogue router hunter system for discovering unauthorized routers according to exemplary embodiments.
FIG. 6 illustrates a packet created by a rogue router hunter in accordance with exemplary embodiments.
FIG. 7 is a flow diagram of a process for discovering unauthorized routers in accordance with exemplary embodiments.

  Referring now to the drawings, and more particularly to FIGS. 1-2, an exemplary diagram of a data processing environment is shown in which illustrative embodiments may be implemented. It should be appreciated that FIGS. 1-2 are exemplary only and do not represent or imply any limitation with regard to the environments in which various embodiments may be implemented. Many changes can be made to the depicted environment.

  FIG. 1 depicts a diagrammatic representation of a network of data processing systems in which exemplary embodiments may be implemented. Network data processing system 100 is a network of computers in which the illustrative embodiments can be implemented. The network data processing system 100 includes a network 102, which is a medium used to provide communication links between various devices and computers connected together in the network data processing system 100. Network 102 may include connections such as wires, wireless communication links, or fiber optic cables.

  In the depicted example, server 104 and server 106 are connected to network 102 along with storage device 108. In addition, clients 110, 112, and 114 also connect to network 102. Clients 110, 112, and 114 can be, for example, personal computers or network computers. In the depicted example, server 104 provides data such as boot files, operating system images, and applications to clients 110, 112, and 114. Clients 110, 112, and 114 are clients to server 104 in this example. Network data processing system 100 may include additional servers, clients, and other devices not shown.

  In the depicted example, network data processing system 100 is the Internet, with network 102 representing a worldwide collection of networks and gateways that use the Transmission Control Protocol / Internet Protocol (TCP / IP) suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, governmental, educational, and other computer systems that route data and messages. Of course, network data processing system 100 may also be implemented as a number of different types of networks, such as, for example, an intranet, a local area network (LAN), or a wide area network (WAN). FIG. 1 is intended as an example, and not as an architectural limitation for the different exemplary embodiments.

  Now referring to FIG. 2, a block diagram of a data processing system is shown in which illustrative embodiments may be implemented. Data processing system 200 is an example of a computer, such as server 104 or client 110 in FIG. 1, in which computer usable program code or instructions implementing the processes of the illustrative embodiments may be located. In this illustrative example, data processing system 200 includes a communications fabric 202 that provides communication between processor unit 204, memory 206, persistent storage 208, communication device 210, input / output (I / O) device 212, and display 214.

  The processor unit 204 serves to execute instructions for software that can be loaded into the memory 206. The processor unit 204 may be a set of one or more processors or a multiprocessor core, depending on the particular implementation. Further, the processor unit 204 can be implemented using one or more heterogeneous processor systems in which a main processor is present along with a secondary processor on a single chip. As another illustrative example, processor unit 204 may be a symmetric multiprocessor system including multiple processors of the same type.

  Memory 206 may be, for example, a random access memory in this example. Persistent storage 208 can take a variety of forms depending on the particular implementation. For example, persistent storage 208 can include one or more components or devices. For example, persistent storage 208 can be a hard disk, flash memory, rewritable optical disk, rewritable magnetic tape, or some combination thereof. The media used by persistent storage 208 can also be removable. For example, a removable hard disk can be used for persistent storage 208.

  In these examples, the communication device 210 enables communication with other data processing systems or devices. In these examples, the communication device 210 is a network interface card. The communication device 210 can provide communication by using either or both of a physical link and a wireless communication link.

  The input / output device 212 enables data input / output by other devices that can be connected to the data processing system 200. For example, input / output device 212 may provide a connection for user input via a keyboard and mouse. Further, the input / output device 212 can send output to a printer. Display 214 provides a mechanism for displaying information to the user.

  The instructions for the operating system and application or program are located on persistent storage 208. These instructions can be loaded into memory 206 for execution by processor unit 204. The processes of the various embodiments can be performed by the processor unit 204 using computer-executed instructions that can be located in a memory, such as the memory 206. These instructions are referred to as program code, computer usable program code, or computer readable program code that can be read and executed by a processor in processor unit 204. The program code in various embodiments may be implemented on various physical or tangible computer readable media such as memory 206 or persistent storage 208.

  Program code 216 is located in a functional form on computer readable medium 218 and may be loaded onto or transferred to data processing system 200 for execution by processor unit 204. Program code 216 and computer readable medium 218 form computer program 220 in these examples. In one example, computer readable medium 218 may be in a tangible form, such as an optical or magnetic disk that is inserted or placed into a drive or other device that is part of persistent storage 208, for transfer onto a storage device, such as a hard disk, that is part of persistent storage 208. The tangible form of computer readable medium 218 may also take the form of persistent storage, such as a hard disk or flash memory, connected to data processing system 200.

  Alternatively, the program code 216 is transferred from the computer readable medium 218 to the data processing system 200 via a communication link to the communication device 210 and / or via a connection to the input / output device 212. can do. The communication link and / or connection may be physical or wireless in the illustrative example. A computer-readable medium may also take the form of a non-tangible medium such as a communication link or wireless transmission that includes program code.

  The various components illustrated for data processing system 200 do not impose architectural limitations on the manner in which various embodiments may be implemented. Various exemplary embodiments may be implemented in a data processing system that includes several components in addition to or in place of those illustrated for data processing system 200. The other components shown in FIG. 2 can be varied from the illustrative example shown.

  For example, a bus system can be used to implement the communication fabric 202, and the bus system can be comprised of one or more buses, such as a system bus or an input / output bus. Of course, the bus system may be implemented using any suitable type of architecture that allows data transfer between the various components or devices connected to the bus system. Further, the communication device can include one or more devices used to send and receive data, such as a modem or a network adapter. Further, the memory can be, for example, memory 206 or a cache such as that found in an interface and memory controller hub that may be present in communication fabric 202.

  With reference to FIG. 3, an exemplary embodiment depicts a typical software architecture for a data processing system. This architecture can be implemented in a data processing system such as data processing system 200 of FIG. 2. At the lowest level of software architecture 300, operating system 302 is used to provide high-level functionality to users and other software. Such operating systems typically include a basic input / output system (BIOS). Communication software 304 provides communication through external ports to a network such as the Internet via a physical communication link, either by directly accessing operating system functions or indirectly by bypassing the operating system to access the hardware.

  Application Program Interface (API) 306 allows system users, individuals, or software routines to invoke system functions using a standards-compliant interface without worrying about how a particular function is implemented. Network access software 308 represents any software that can be used to allow the system to access the network. This access can be to a network such as a local area network (LAN), a wide area network (WAN), or the Internet. In the case of the Internet, this software can include a program such as a Web browser. Application software 310 represents any number of software applications that are designed to react to data passing through the communication port to provide the desired functionality that the user is seeking. The mechanisms of the illustrative embodiments can be implemented in the communications software 304 in these examples.

  FIG. 4 is a diagram illustrating a Transmission Control Protocol / Internet Protocol (TCP / IP) and similar protocols depicted by example embodiments. TCP / IP and similar protocols are used by the communication architecture 400. In this example, communication architecture 400 is a four layer system. This architecture includes an application layer 402, a transport layer 404, a network layer 406, and a link layer 408. Each layer is responsible for handling various communication tasks. The link layer 408, also referred to as the data link layer or network interface layer, typically includes a device driver in the operating system and a corresponding network interface in the computer. This layer handles all the hardware details that physically interface with the network media used, such as optical or Ethernet cables.

  Network layer 406, also referred to as the Internet layer, handles the movement of data packets within the network. For example, the network layer 406 handles the routing of various data packets transferred by the network. The network layer 406 in the TCP / IP suite consists of several protocols, including Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Internet Group Management Protocol (IGMP).

  The transport layer 404 provides an interface between the network layer 406 and the application layer 402 that facilitates the transfer of data between two host computers. The transport layer 404 is concerned with, for example, dividing the data passed to it from the application into chunks of an appropriate size for the network layer below it, verifying received packets, and setting timeouts to make sure that the other side acknowledges transmitted packets. There are two distinct transport protocols in the TCP / IP protocol suite: TCP and the User Datagram Protocol (UDP). TCP includes dropout detection and retransmission services and provides a reliability service to ensure that data is properly transmitted between two hosts.

  Conversely, UDP is much simpler: it provides a service to the application layer that simply sends data packets called datagrams from one host to another, without providing a mechanism to ensure that the data has been properly transferred. When using UDP, the application layer must perform the reliability function.

  Application layer 402 handles the details of a particular application. Almost all implementations include many common TCP / IP applications, such as Telnet for remote login, the File Transfer Protocol (FTP), the Simple Mail Transfer Protocol (SMTP) for email, and the Simple Network Management Protocol (SNMP). The mechanisms of the illustrative embodiments can be implemented as a process within the network layer 406.

  The illustrative embodiments provide a rogue router hunter system that detects potential security issues by discovering unauthorized routers in the network. An unauthorized router is a machine on which the routing function has been enabled, intentionally or unintentionally, without authorization from the network security administrator. In contrast to existing router discovery methods such as the traceroute utility, the rogue router hunter system of the exemplary embodiments enables the network security administrator to determine whether a machine is an unauthorized router even when the IP address of the subnet the machine is routing to is unknown and the IP addresses of the machines on that subnet are unknown. This determination can be made even if the machines on the subnet are not powered on or online at the time of the determination.

  FIG. 5 is a block diagram of a rogue router hunter system for discovering unauthorized routers in accordance with exemplary embodiments. In this example, the unauthorized routing device takes the form of a suspicious subnet router 502. Suspicious subnet router 502 can be a machine with routing capability that has been enabled intentionally or unintentionally. Suspicious subnet router (SR) 502 includes a network interface card (NIC) to access the Ethernet. The network interface card in the suspected subnet router 502 accesses the Ethernet using a media access control (MAC) address. The MAC address is a hardware address that uniquely identifies each node in the network; for example, each network interface card has a different MAC address. The MAC address of the suspicious subnet router 502 is assigned to its network interface card at the manufacturing stage.

  Network 504 is an example of a distributed network that provides communication links between various devices and computers, such as network 102 of FIG. Suspicious subnet router 502 is implemented to route traffic within network 504. Suspicious subnet router 502 can forward data packets on network 504 to subnet 506. In this example, subnet 506 includes multiple machines, such as S1 508 to SN 510.

  Whereas conventional systems use the traceroute utility to determine whether a router is operating or out of order by sending packets to the router based on the router's known IP address, the Rogue Router Hunter (RRH) host 512 includes a program that uses the traceroute utility in a unique manner to determine whether a device, such as suspected subnet router 502, is configured as a router. This determination can be made even when the rogue router hunter program does not know the IP address of the suspected router's subnet or the IP address of any machine on that subnet. The rogue router hunter host 512 includes a network interface card having a MAC address for accessing network 504. Because the rogue router hunter host 512 knows the Ethernet address (MAC address) of the suspicious subnet router 502, it can communicate with the suspicious subnet router 502 via network 504. The rogue router hunter 512 can obtain the MAC address of the suspicious subnet router 502 by using a ping utility to identify whether the target device is on the network, or by using the Address Resolution Protocol to determine the MAC address when only the target's IP address is known. The rogue router hunter 512 needs to obtain the MAC address of the suspicious subnet router 502 because the subnet router does not listen for or process a packet unless the packet's destination address contains the subnet router's MAC address. The ping utility operates by sending an ICMP request packet to the target device and listening for a response. The response packet can include a source MAC address, a destination or target MAC address, a source IP address, and a destination IP address. Thus, the program in the rogue router hunter host 512 creates a data packet containing a source MAC address field holding the MAC address of the rogue router hunter host 512 and a destination MAC address field holding the MAC address of the suspected subnet router 502. The data packet also includes a fake IP address for the suspected subnet router 502 in the packet's destination IP address field. The rogue router hunter sets the time-to-live (TTL) value of the packet to 1. The rogue router hunter host 512 then sends the data packet to the suspected subnet router 502; because the destination MAC address in the packet matches the MAC address of the network interface card in the suspected subnet router 502, the suspicious subnet router 502 receives the packet.

  The suspicious subnet router 502 examines the packet header to determine whether the destination IP address is addressed to the suspicious subnet router 502. If the destination IP address in the packet does not match the IP address of the suspected subnet router 502, the suspected subnet router 502 will discard the packet. Thus, if the subnet router is not configured to route, the subnet router checks the destination IP address, determines that the destination IP address is not the subnet router's IP address, and drops the packet. However, if the router function of the suspicious subnet router 502 is enabled, the suspicious subnet router 502 does not discard the packet. With routing enabled, the suspected subnet router 502 ultimately compares the destination IP address in the packet with the IP addresses in its routing table to determine the best route for the packet. The subnet router determines that it must forward the packet because the destination IP address is not its own IP address and it is configured to route. However, before the suspected subnet router 502 performs this comparison, it examines the time-to-live (TTL) field. The TTL field is a hop limit that indicates the number of hops the packet may traverse before it is discarded. If the TTL field is less than or equal to 1, the suspected subnet router 502 returns a time exceeded (type 11) packet, according to the ICMP protocol, to the source IP address in the packet, i.e., to the rogue router hunter host 512. In other words, the subnet router determines that the packet cannot be routed because the TTL value is too low, and notifies the packet's sender of this problem. If the rogue router hunter host 512 receives such an ICMP time exceeded message, the rogue router hunter knows that the routing function of the suspected subnet router 502 is enabled. The rogue router hunter host 512 can then alert the network security administrator about the unauthorized router.

  In a particular example, a suspicious subnet router 502 running the Advanced Interactive Executive (AIX) operating system receives and inspects the packet from the rogue router hunter host 512. If the destination IP address in the packet does not match the IP address of the suspicious subnet router 502 and routing is enabled on the suspicious subnet router 502, the packet is passed to the ip_mforward() function. If the TTL in the packet has expired (i.e., TTL ≤ 1) and the suspected subnet router 502 responds with an ICMP time exceeded (type 11) message, the ip_mforward() function returns 0. If rogue router hunter host 512 receives such an ICMP time exceeded message from suspected subnet router 502, rogue router hunter host 512 understands that suspected subnet router 502 is capable of routing.

  FIG. 6 illustrates a packet created by a rogue router hunter according to exemplary embodiments. A packet 600 can be sent from the rogue router hunter 512 to determine whether a machine, such as the suspected subnet router 502 of FIG. 5, is routing. Packet 600 includes various fields, including source MAC address 602, destination MAC address 604, source IP address 606, destination IP address 608, and TTL field 610.

  The source MAC address 602 is the MAC address of the device that transmits the packet, i.e., the rogue router hunter host 512 of FIG. 5.

  The destination MAC address 604 is the MAC address of the device that should receive the packet, i.e., the suspected subnet router 502 of FIG. 5. As mentioned above, in situations where the IP address of a suspected routing machine or of a machine on its subnet is unknown, a conventional packet containing a source IP address and a destination IP address cannot be used to determine whether the suspect machine is routing. The rogue router hunter addresses this issue by using the MAC address of the suspect router, which is known to the rogue router hunter, to create a packet 600 that the rogue router hunter can send to the specific suspect router. Thus, when the rogue router hunter sends packet 600 to the suspect router, the suspect router receives the packet because the destination MAC address in the packet matches the MAC address of the suspect router's network interface card.

  The source IP address 606 is the IP address of the device that transmits the packet, that is, the rogue router hunter. When the suspicious router is routing, it uses the source IP address 606 to return an ICMP time exceeded message to the rogue router hunter.

  The destination IP address 608 is a fake IP address. Since the rogue router hunter does not know the IP address of the suspicious router or of any machine on its subnet, no correct destination IP address is used in packet 600. A fake IP address is placed in the destination IP address 608 precisely because it does not match the IP address of the suspicious router: when routing is enabled, the suspicious router therefore attempts to route the packet rather than deliver it locally. This causes the suspicious router to process packet 600 in a way that lets the rogue router hunter discover whether the suspicious router is routing.

  The TTL field 610 holds the time-to-live value assigned to packet 600. When the rogue router hunter creates packet 600, it assigns the value "1" to TTL field 610 because only one hop is required between the rogue router hunter and the suspect router. A value of 1 in the TTL field 610 causes the suspicious router to return an ICMP time exceeded message to the rogue router hunter when the suspicious router receives packet 600 and is routing.

  FIG. 7 is a flow diagram of a process for discovering unauthorized routers according to exemplary embodiments. The process begins when the rogue router hunter program creates a data packet laid out as packet 600 of FIG. 6, containing the source MAC address of the rogue router hunter, the destination MAC address of the suspect router, the source IP address of the rogue router hunter, a false destination IP address, and a TTL field having a value of 1 (step 702). The rogue router hunter sends the packet to the suspect router (step 704). Since the destination MAC address in the packet matches the MAC address of the suspected router's network interface card, the suspected router receives the packet (step 706).

  Next, the suspicious router checks the destination IP address (fake IP address) in the packet to determine whether the packet is for the suspicious router (step 708). Since the destination IP address in the packet is a fake address, the destination IP address in the packet does not match the IP address of the suspicious router. Thus, the suspicious router determines that the packet is not for the suspicious router (step 710).

  At this point, if no routing functionality is enabled on the suspicious router, the suspicious router discards the packet (step 712) and then the process ends. Since the rogue router hunter does not receive an ICMP time exceeded message from the suspect router, the rogue router hunter determines that the suspect router is not routing.

  However, if the routing function is enabled on the suspicious router, the suspicious router checks the TTL field in the packet (step 714). Since the TTL field in the packet created by the rogue router hunter has a value of 1, the suspicious router returns an ICMP time exceeded message to the rogue router hunter (the packet sender) based on the source IP address in the packet (step 716). Since the source IP address in the packet is the rogue router hunter's IP address, the rogue router hunter receives the ICMP time exceeded message (step 718).

  When the time exceeded message from the suspicious router is received by the rogue router hunter, the rogue router hunter knows that the suspicious router is routing (step 720). The rogue router hunter can then alert the network security administrator that the suspect router is an unauthorized router on the network (step 722), after which the process ends.
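The packet layout of FIG. 6 and the decision flow of FIG. 7 can be modelled offline without touching a network. The following is an added example, not code from the patent or from IBM: it builds the probe frame (fields 602 through 610), simulates the suspect router's steps 706 through 716, and classifies the reply as the hunter would in steps 718 through 720. The function names (`build_probe`, `suspect_router`, `reply_indicates_routing`, `hunt`) and all MAC and IP values are constructed for the example; the patent does not specify what follows the IP header, so an ICMP echo request is assumed as the probe payload.

```python
# Added example (not the patent's code): models packet 600 of FIG. 6 and the
# FIG. 7 decision flow purely in memory. All MAC/IP values are constructed.
import struct
import ipaddress

ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11        # type 11, code 0: TTL exceeded in transit


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum, shared by the IPv4 header and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_ipv4(src_ip: str, dst_ip: str, ttl: int, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                      ttl, proto, 0,
                      ipaddress.IPv4Address(src_ip).packed,
                      ipaddress.IPv4Address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_probe(src_mac: str, dst_mac: str, src_ip: str, fake_dst_ip: str) -> bytes:
    """Packet 600: hunter MAC/IP as source, suspect MAC as destination,
    a fake destination IP and TTL = 1. Payload is an assumed ICMP echo."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x4242, 1)
    icmp = icmp[:2] + struct.pack("!H", ones_complement_checksum(icmp)) + icmp[4:]
    ip = build_ipv4(src_ip, fake_dst_ip, ttl=1, proto=PROTO_ICMP, payload=icmp)
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip


def parse_frame(frame: bytes) -> dict:
    """Extract the fields the FIG. 7 decisions depend on."""
    ip = frame[14:34]
    return {"dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12]),
            "ttl": ip[8], "proto": ip[9],
            "src_ip": str(ipaddress.IPv4Address(ip[12:16])),
            "dst_ip": str(ipaddress.IPv4Address(ip[16:20])), "l4": frame[34:]}


def suspect_router(frame: bytes, own_mac: str, own_ip: str, routing_enabled: bool):
    """Steps 706-716 from the suspect's side: returns the ICMP time exceeded
    frame it would emit, or None when the probe is dropped or handled locally."""
    p = parse_frame(frame)
    if p["dst_mac"] != mac_str(mac_bytes(own_mac)):   # step 706: NIC filters on MAC
        return None
    if p["dst_ip"] == own_ip:                        # steps 708/710: for us, not routed
        return None
    if not routing_enabled:                          # step 712: silently discarded
        return None
    if p["ttl"] > 1:                                 # step 714: would be forwarded
        return None
    quoted = frame[14:14 + 28]                       # original IP header + 8 bytes (RFC 792)
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    icmp = icmp[:2] + struct.pack("!H", ones_complement_checksum(icmp)) + icmp[4:]
    ip = build_ipv4(own_ip, p["src_ip"], ttl=64, proto=PROTO_ICMP, payload=icmp)  # step 716
    return mac_bytes(p["src_mac"]) + mac_bytes(own_mac) + struct.pack("!H", ETHERTYPE_IPV4) + ip


def reply_indicates_routing(reply, hunter_ip: str) -> bool:
    """Steps 718-720: only an ICMP type 11 addressed to the hunter counts."""
    if reply is None:
        return False
    p = parse_frame(reply)
    return (p["proto"] == PROTO_ICMP and p["dst_ip"] == hunter_ip and len(p["l4"]) >= 8
            and p["l4"][0] == ICMP_TIME_EXCEEDED and p["l4"][1] == 0)


def hunt(hunter_mac, hunter_ip, suspect_mac, suspect_ip, routing_enabled,
         fake_ip="192.0.2.254") -> bool:
    """Whole FIG. 7 flow; suspect_ip is known only to the simulated suspect."""
    probe = build_probe(hunter_mac, suspect_mac, hunter_ip, fake_ip)
    reply = suspect_router(probe, suspect_mac, suspect_ip, routing_enabled)
    return reply_indicates_routing(reply, hunter_ip)


if __name__ == "__main__":
    for enabled in (True, False):
        verdict = hunt("02:00:00:00:00:01", "192.0.2.10", "02:00:00:00:00:02", "192.0.2.20", enabled)
        print("routing", "enabled" if enabled else "disabled", "->", "ROUTER" if verdict else "not routing")
```

The `fake_ip` parameter matters: if the fake address happened to equal the suspect's real address, the frame would be delivered locally and no time exceeded message would result, so the simulation returns False for that case as well, which is why the patent stresses that the destination IP must not match the suspect.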

  Embodiments of the invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements. In a preferred embodiment, the present invention is implemented in software, including but not limited to firmware, resident software, microcode, etc.

  Further, embodiments of the invention can take the form of a computer program accessible from a computer-usable or computer-readable medium that provides program code for use by, or in connection with, a computer or any instruction execution system. For purposes of this description, a computer-usable or computer-readable medium can be any tangible device that can contain, store, communicate, propagate, or transmit a program for use by, or in connection with, an instruction execution system, apparatus, or device.

  The medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium. Examples of computer-readable media include semiconductor or solid-state memory, magnetic tape, removable computer diskettes, random access memory (RAM), read-only memory (ROM), rigid magnetic disks, and optical disks. Current examples of optical disks include compact disk read-only memory (CD-ROM), rewritable compact disk (CD-R/W), and DVD.

  Further, the computer storage medium can contain or store computer-readable program code such that, when the computer-readable program code is executed on a computer, its execution causes the computer to transmit other computer-readable program code over a communication link. This communication link may use, for example and without limitation, a physical or wireless medium.

  A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to storage elements through a system bus. The storage elements include local memory used during actual execution of the program code, mass storage, and cache memory that provides temporary storage of at least some program code in order to reduce the number of times code must be retrieved from mass storage during execution.

  Input/output or I/O devices (including but not limited to keyboards, displays, pointing devices, etc.) can be coupled to the system either directly or through intervening I/O controllers.

  Network adapters can also be coupled to the system so that the data processing system can be coupled to other data processing systems or to remote printers or storage devices via private or public networks. Modems, cable modems, and Ethernet cards are just some of the currently available types of network adapters.

  The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the invention and its practical applications, and to enable others skilled in the art to understand the invention with respect to various embodiments incorporating modifications suited to the particular application contemplated.

Claims (20)

  1. A computer-implemented method for detecting unauthorized routers in a distributed network, comprising:
    obtaining the physical address of a destination device;
    creating a data packet including at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field contains the physical address of the destination device, the destination internet protocol field contains a fake internet protocol address, and the time-to-live field contains a value indicating that the data packet has exceeded its time limit;
    transmitting the data packet to the destination device using the physical address in the destination media access control field; and
    in response to receiving a time exceeded message from the destination device, determining that the destination device is enabled for routing.
  2. The computer-implemented method of claim 1, further comprising determining that the destination device is not enabled for routing in response to not receiving a time exceeded message from the destination device.
  3. The computer-implemented method of claim 1, wherein the physical address of the destination device is a media access control address of a network interface card in the destination device.
  4. The computer-implemented method, wherein the data packet further comprises a source media access control field containing the physical address of a source device and a source internet protocol field containing the internet protocol address of the source device.
  5. The computer-implemented method of claim 1, wherein the destination device examines the destination internet protocol address in the data packet to determine whether it matches the internet protocol address of the destination device and, if routing is enabled on the destination device, checks the value of the time-to-live field in the data packet and sends the time exceeded message to the internet protocol address in the source internet protocol field when that value indicates that the data packet has exceeded its time limit.
  6. The computer-implemented method of claim 5, wherein the destination device discards the data packet when routing is not enabled on the destination device.
  7. The computer-implemented method of claim 1, wherein the determination that the destination device is enabled for routing is made when the internet protocol address of the destination device is unknown.
  8. The computer-implemented method, wherein the determination that the destination device is enabled for routing is made when the internet protocol address of a device on the subnet of the destination device is unknown.
  9. The computer-implemented method of claim 8, wherein the device is offline or powered off.
  10. The computer-implemented method of claim 1, wherein the physical address of the destination device is obtained using one of a ping utility or the address resolution protocol.
  11. A data processing system for detecting unauthorized routers in a distributed network, comprising:
    a bus;
    a storage device connected to the bus, the storage device including computer-usable code;
    at least one management device connected to the bus;
    a communication device connected to the bus; and
    a processing device connected to the bus for executing the computer-usable code to obtain the physical address of a destination device; to create a data packet including at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field contains the physical address of the destination device, the destination internet protocol field contains a fake internet protocol address, and the time-to-live field contains a value indicating that the data packet has exceeded its time limit; to transmit the data packet to the destination device using the physical address in the destination media access control field; and, in response to receiving a time exceeded message from the destination device, to determine that the destination device is enabled for routing.
  12. A computer program product for detecting unauthorized routers in a distributed network, comprising:
    a computer-usable medium having computer-usable program code tangibly embodied therein, the computer-usable program code comprising:
    computer-usable program code for obtaining the physical address of a destination device;
    computer-usable program code for creating a data packet including at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field contains the physical address of the destination device, the destination internet protocol field contains a fake internet protocol address, and the time-to-live field contains a value indicating that the data packet has exceeded its time limit;
    computer-usable program code for transmitting the data packet to the destination device using the physical address in the destination media access control field; and
    computer-usable program code for determining that the destination device is enabled for routing in response to receiving a time exceeded message from the destination device.
  13. The computer program product of claim 12, further comprising computer-usable program code for determining that the destination device is not enabled for routing in response to not receiving a time exceeded message from the destination device.
  14. The computer program product of claim 12, wherein the physical address of the destination device is a media access control address of a network interface card in the destination device.
  15. The computer program product, wherein the data packet further includes a source media access control field containing the physical address of a source device and a source internet protocol field containing the internet protocol address of the source device.
  16. The computer program product of claim 12, wherein the destination device examines the destination internet protocol address in the data packet to determine whether it matches the internet protocol address of the destination device and, if routing is enabled on the destination device, checks the value of the time-to-live field in the data packet and sends the time exceeded message to the internet protocol address in the source internet protocol field when that value indicates that the data packet has exceeded its time limit.
  17. The computer program product of claim 16, wherein the destination device discards the data packet when routing is not enabled on the destination device.
  18. The computer program product of claim 12, wherein the determination that the destination device is enabled for routing is made when the internet protocol address of the destination device is unknown or when the internet protocol address of a device on the subnet of the destination device is unknown.
  19. The computer program product of claim 18, wherein the device is offline or powered off.
  20. The computer program product of claim 12, wherein the physical address of the destination device is obtained using one of a ping utility or the address resolution protocol.
Priority Applications (2)

  US11/867,726 (US7991877B2), priority date 2007-10-05, filing date 2007-10-05: Rogue router hunter
  PCT/EP2008/062593 (WO2009043745A1), priority date 2007-10-05, filing date 2008-09-22: Router detection

Publications (1)

  JP2010541441A, published 2010-12-24

Family

  ID=40352285

Family Applications (1)

  JP2010527400A (JP2010541441A, pending), priority date 2007-10-05, filing date 2008-09-22: Computer-implemented method, data processing system, and computer program (router detection) for detecting unauthorized routers in a distributed network

Country Status (8)

  US: US7991877B2
  EP: EP2201738B1
  JP: JP2010541441A
  KR: KR101253390B1
  CN: CN101816166B
  CA: CA2698317C
  TW: TW200934193A
  WO: WO2009043745A1

US10090594B2 (en) 2016-11-23 2018-10-02 At&T Intellectual Property I, L.P. Antenna system having structural configurations for assembly
US10178445B2 (en) 2016-11-23 2019-01-08 At&T Intellectual Property I, L.P. Methods, devices, and systems for load balancing between a plurality of waveguides
US10340601B2 (en) 2016-11-23 2019-07-02 At&T Intellectual Property I, L.P. Multi-antenna system and methods for use therewith
US10340603B2 (en) 2016-11-23 2019-07-02 At&T Intellectual Property I, L.P. Antenna system having shielded structural configurations for assembly
US10305190B2 (en) 2016-12-01 2019-05-28 At&T Intellectual Property I, L.P. Reflecting dielectric antenna system and methods for use therewith
US10361489B2 (en) 2016-12-01 2019-07-23 At&T Intellectual Property I, L.P. Dielectric dish antenna system and methods for use therewith
US10135145B2 (en) 2016-12-06 2018-11-20 At&T Intellectual Property I, L.P. Apparatus and methods for generating an electromagnetic wave along a transmission medium
US10382976B2 (en) 2016-12-06 2019-08-13 At&T Intellectual Property I, L.P. Method and apparatus for managing wireless communications based on communication paths and network device positions
US10326494B2 (en) 2016-12-06 2019-06-18 At&T Intellectual Property I, L.P. Apparatus for measurement de-embedding and methods for use therewith
US9927517B1 (en) 2016-12-06 2018-03-27 At&T Intellectual Property I, L.P. Apparatus and methods for sensing rainfall
US10439675B2 (en) 2016-12-06 2019-10-08 At&T Intellectual Property I, L.P. Method and apparatus for repeating guided wave communication signals
US10020844B2 (en) 2016-12-06 2018-07-10 At&T Intellectual Property I, L.P. Method and apparatus for broadcast communication via guided waves
US10446936B2 (en) 2016-12-07 2019-10-15 At&T Intellectual Property I, L.P. Multi-feed dielectric antenna system and methods for use therewith
US10359749B2 (en) 2016-12-07 2019-07-23 At&T Intellectual Property I, L.P. Method and apparatus for utilities management via guided wave communication
US10243270B2 (en) 2016-12-07 2019-03-26 At&T Intellectual Property I, L.P. Beam adaptive multi-feed dielectric antenna system and methods for use therewith
US10139820B2 (en) 2016-12-07 2018-11-27 At&T Intellectual Property I, L.P. Method and apparatus for deploying equipment of a communication system
US10168695B2 (en) 2016-12-07 2019-01-01 At&T Intellectual Property I, L.P. Method and apparatus for controlling an unmanned aircraft
US10027397B2 (en) 2016-12-07 2018-07-17 At&T Intellectual Property I, L.P. Distributed antenna system and methods for use therewith
US9893795B1 (en) 2016-12-07 2018-02-13 At&T Intellectual Property I, Lp Method and repeater for broadband distribution
US10389029B2 (en) 2016-12-07 2019-08-20 At&T Intellectual Property I, L.P. Multi-feed dielectric antenna system with core selection and methods for use therewith
US10389037B2 (en) 2016-12-08 2019-08-20 At&T Intellectual Property I, L.P. Apparatus and methods for selecting sections of an antenna array and use therewith
US10326689B2 (en) 2016-12-08 2019-06-18 At&T Intellectual Property I, L.P. Method and system for providing alternative communication paths
US10103422B2 (en) 2016-12-08 2018-10-16 At&T Intellectual Property I, L.P. Method and apparatus for mounting network devices
US10411356B2 (en) 2016-12-08 2019-09-10 At&T Intellectual Property I, L.P. Apparatus and methods for selectively targeting communication devices with an antenna array
US9911020B1 (en) 2016-12-08 2018-03-06 At&T Intellectual Property I, L.P. Method and apparatus for tracking via a radio frequency identification device
US10069535B2 (en) 2016-12-08 2018-09-04 At&T Intellectual Property I, L.P. Apparatus and methods for launching electromagnetic waves having a certain electric field structure
US9998870B1 (en) 2016-12-08 2018-06-12 At&T Intellectual Property I, L.P. Method and apparatus for proximity sensing
US10264586B2 (en) 2016-12-09 2019-04-16 At&T Mobility Ii Llc Cloud-based packet controller and methods for use therewith
US9838896B1 (en) 2016-12-09 2017-12-05 At&T Intellectual Property I, L.P. Method and apparatus for assessing network coverage
US10340983B2 (en) 2016-12-09 2019-07-02 At&T Intellectual Property I, L.P. Method and apparatus for surveying remote sites via guided wave communications
US9973940B1 (en) 2017-02-27 2018-05-15 At&T Intellectual Property I, L.P. Apparatus and methods for dynamic impedance matching of a guided wave launcher
US10298293B2 (en) 2017-03-13 2019-05-21 At&T Intellectual Property I, L.P. Apparatus of communication utilizing wireless network devices
US10454882B2 (en) 2017-06-30 2019-10-22 Cisco Technology, Inc. DHCP in layer-3 overlay with anycast address support and network address transparency

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005057233A2 (en) * 2003-12-08 2005-06-23 Airtight Networks, Inc. Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5835720A (en) * 1996-05-17 1998-11-10 Sun Microsystems, Inc. IP discovery apparatus and method
JP4484190B2 (en) * 2001-04-19 2010-06-16 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Maschines Corporation Router search system, router search method, and router search program
US7149219B2 (en) * 2001-12-28 2006-12-12 The Directtv Group, Inc. System and method for content filtering using static source routes
US7603469B2 (en) 2002-01-15 2009-10-13 International Business Machines Corporation Provisioning aggregated services in a distributed computing environment
US6978314B2 (en) * 2002-02-26 2005-12-20 Xerox Corporation System and method for locating devices on a local area network
US8346951B2 (en) * 2002-03-05 2013-01-01 Blackridge Technology Holdings, Inc. Method for first packet authentication
US7448076B2 (en) * 2002-09-11 2008-11-04 Mirage Networks, Inc. Peer connected device for protecting access to local area networks
US7558265B2 (en) * 2003-01-31 2009-07-07 Intel Corporation Methods and apparatus to limit transmission of data to a localized area
EP1649660B1 (en) * 2003-07-11 2019-09-04 CA, Inc. System and method for securing networks
JP4174392B2 (en) * 2003-08-28 2008-10-29 Necシステムテクノロジー株式会社 Network unauthorized connection prevention system and network unauthorized connection prevention device
US20050108415A1 (en) * 2003-11-04 2005-05-19 Turk Doughan A. System and method for traffic analysis
JP3729830B2 (en) 2004-02-19 2005-12-21 日立電子サービス株式会社 Unauthorized routing monitoring method, unauthorized routing monitoring program, and unauthorized routing monitoring device
DE102004015560B4 (en) * 2004-03-30 2006-03-23 Siemens Ag Method for testing routing systems
US7496049B2 (en) * 2005-04-14 2009-02-24 International Business Machines Corporation Method and system using ARP cache data to enhance accuracy of asset inventories
US8503446B2 (en) 2005-08-29 2013-08-06 Alcatel Lucent Multicast host authorization tracking, and accounting
US9154499B2 (en) * 2007-05-29 2015-10-06 Absolute Software Corporation Offline data delete with false trigger protection

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005057233A2 (en) * 2003-12-08 2005-06-23 Airtight Networks, Inc. Method and system for monitoring a selected region of an airspace associated with local area networks of computing devices

Also Published As

Publication number Publication date
CN101816166A (en) 2010-08-25
US7991877B2 (en) 2011-08-02
WO2009043745A1 (en) 2009-04-09
TW200934193A (en) 2009-08-01
CA2698317A1 (en) 2009-04-09
EP2201738B1 (en) 2014-07-30
US20090094357A1 (en) 2009-04-09
EP2201738A1 (en) 2010-06-30
KR101253390B1 (en) 2013-04-11
CA2698317C (en) 2017-02-28
KR20100067666A (en) 2010-06-21
CN101816166B (en) 2012-12-26

Similar Documents

Publication Publication Date Title
Yegneswaran et al. On the design and use of Internet sinks for network abuse monitoring
US7181769B1 (en) Network security system having a device profiler communicatively coupled to a traffic monitor
EP2612488B1 (en) Detecting botnets
US8146160B2 (en) Method and system for authentication event security policy generation
CN100556031C (en) Intelligent integrated network security device
US7921462B2 (en) Identifying a distributed denial of service (DDOS) attack within a network and defending against such an attack
DK2241058T3 (en) A method for configuring the ACLS on a network device on the basis of the flow information
US5793763A (en) Security system for network address translation systems
US7409714B2 (en) Virtual intrusion detection system and method of using same
Provos A Virtual Honeypot Framework.
US6954775B1 (en) Parallel intrusion detection sensors with load balancing for high speed networks
US8972571B2 (en) System and method for correlating network identities and addresses
US7162740B2 (en) Denial of service defense by proxy
US7499395B2 (en) BFD rate-limiting and automatic session activation
KR101054705B1 (en) Method and apparatus for detecting port scans with counterfeit source addresses
US6578147B1 (en) Parallel intrusion detection sensors with load balancing for high speed networks
JP2009504104A (en) System and method for realizing adaptive security by dynamically learning network environment
US9930018B2 (en) System and method for providing source ID spoof protection in an infiniband (IB) network
US7418486B2 (en) Automatic discovery and configuration of external network devices
CN101589595B (en) A containment mechanism for potentially contaminated end systems
US9712490B1 (en) Identifying applications for intrusion detection systems
US8397284B2 (en) Detection of distributed denial of service attacks in autonomous system domains
US5708654A (en) Method for detecting proxy ARP replies from devices in a local area network
Qadeer et al. Network traffic analysis and intrusion detection using packet sniffer
US8130747B2 (en) System and method of traffic inspection and stateful connection forwarding among geographically dispersed network appliances organized as clusters

Legal Events

Date Code Title Description
A975 Report on accelerated examination

Free format text: JAPANESE INTERMEDIATE CODE: A971005

Effective date: 20110825

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20110830

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20110926

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20120104